gitlab: support for CI/CD group variables #1692

Merged
moolen merged 3 commits into external-secrets:main from domizei385:gitlab-groupvariables
Nov 21, 2022

@domizei385
Contributor

Support for pulling in group variables

Due to the amount of calls to recursively determine parent groups of a project, the groups to pull in secrets from will have to be manually configured (through groupIDs).

@domizei385 domizei385 requested a review from a team as a code owner November 1, 2022 22:02
Contributor

@paul-the-alien paul-the-alien bot left a comment

Greetings!
Thank you for contributing to this project!
If this is your first time contributing, please make
sure to read the Developer and Contributing Process guides.
Please also mind and follow our Code of Conduct.

Useful commands:

  • make fmt: Formats the code
  • make check-diff: Ensures the branch is clean
  • make reviewable: Ensures a PR is ready for review

@domizei385 domizei385 force-pushed the gitlab-groupvariables branch from 4153795 to bf87978 Compare November 1, 2022 22:03
}

func (mc *GitlabMockClient) GetVariable(pid interface{}, key string, opt *gitlab.GetProjectVariableOptions, options ...gitlab.RequestOptionFunc) (*gitlab.ProjectVariable, *gitlab.Response, error) {
func (mc *GitlabMockProjectClient) GetVariable(pid interface{}, key string, opt *gitlab.GetProjectVariableOptions, options ...gitlab.RequestOptionFunc) (*gitlab.ProjectVariable, *gitlab.Response, error) {
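
Review bot: the receiver on `GetVariable` changes from `GitlabMockClient` to `GitlabMockProjectClient`, but nothing on the method says which client this mock stands in for; a one-line doc comment on the type (project variables, as opposed to group variables) would make the split clear to readers of the test code. Any test that still refers to the old `GitlabMockClient` name will stop compiling, so the rename should land together with its call sites.
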
@rfelgent rfelgent Nov 6, 2022

some remarks:

  • is there now a "group gitlabclient" and a "project gitlab" client ?
  • how do you handle "environment_scope", which is not supported in group variables? how do you handle "project_id"? can those configurations be handled and validated exclusively? should they be handled exclusively?
  • how do you handle following scenarios (what is/should be the valid scenario?)
    -- gitlab provider configured only with group-client
    -- gitlab provider configured only with project-client (status quo)
    -- gitlab provider configured with both (what is the merge strategy then?)

Contributor Author

@domizei385 domizei385 Nov 14, 2022

  • The client is just an internal abstraction of the gitlab library.
  • Environment_scope is filtered "manually" (there is also a comment that the gitlab API does not support this yet)
    -- "only group id" -> error message because projectId is mandatory
    -- "only project id" -> no change in behavior
    -- groups from left to right (IDs in configuration) followed by project

thx for the info @domizei385

Member

(1) gitlab provider configured only with group-client
(2) gitlab provider configured only with project-client (status quo)
(3) gitlab provider configured with both (what is the merge strategy then?)

My GitLab knowledge is a bit rusty, IIRC:

  1. the group vars are inherited but the API doesn't show them when calling GET /projects/:id/variables
  2. If a project var foo is defined it takes precedence over a group-level variable

I would follow that order of precedence and implement the same behaviour.

From a user perspective it should be completely fine to pull only group variables without specifying a project. I think we should make the projectID optional and validate that any one of project-id or group-id has been configured.
If both are configured we follow the same precedence: project vars > group vars.

Contributor Author

@moolen Thanks for the review. I fully agree. This expectation is exactly what I implemented.
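
The precedence agreed in this thread (groups in configured order, then the project, so project vars > group vars, with at least one of project or group required), as an added Go example that is not code from this PR or from external-secrets. `StoreConfig`, `Fetcher`, `Resolve`, `overlay` and the sample variables are hypothetical, and letting an exact environment scope replace a `*` value within one source is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Variable is a constructed stand-in for a GitLab CI/CD variable.
type Variable struct {
	Key, Value, Scope string // Scope mirrors environment_scope; "*" means any environment
}

// StoreConfig is hypothetical; it is not the external-secrets SecretStore type.
type StoreConfig struct {
	ProjectID   string
	GroupIDs    []string // applied left to right
	Environment string
}

// Resolved records the winning value and which source supplied it, so a
// shadowed group variable can be spotted when auditing.
type Resolved struct{ Value, Source string }

// ErrNoSource is returned when neither a project nor a group is configured.
var ErrNoSource = errors.New("gitlab store: configure projectID, groupIDs, or both")

// Fetcher returns the variables of one source; kind is "group" or "project".
type Fetcher func(kind, id string) ([]Variable, error)

// overlay writes one source's variables into dst. Wildcard-scoped values go in
// first so a value scoped to env replaces them (assumption). Variables scoped
// to a different environment are dropped client-side.
func overlay(dst map[string]Resolved, vars []Variable, env, source string) {
	for _, v := range vars {
		if v.Scope == "*" || v.Scope == "" {
			dst[v.Key] = Resolved{v.Value, source}
		}
	}
	for _, v := range vars {
		if env != "" && v.Scope == env {
			dst[v.Key] = Resolved{v.Value, source}
		}
	}
}

// Resolve merges groups in configured order and the project last, so later
// sources override earlier ones: project vars > group vars.
func Resolve(cfg StoreConfig, fetch Fetcher) (map[string]Resolved, error) {
	if cfg.ProjectID == "" && len(cfg.GroupIDs) == 0 {
		return nil, ErrNoSource
	}
	type source struct{ kind, id string }
	var order []source
	for _, gid := range cfg.GroupIDs {
		order = append(order, source{"group", gid})
	}
	if cfg.ProjectID != "" {
		order = append(order, source{"project", cfg.ProjectID})
	}
	out := map[string]Resolved{}
	for _, s := range order {
		vars, err := fetch(s.kind, s.id)
		if err != nil {
			return nil, fmt.Errorf("%s %s: %w", s.kind, s.id, err)
		}
		overlay(out, vars, cfg.Environment, s.kind+"/"+s.id)
	}
	return out, nil
}

// sample is constructed data standing in for API responses.
var sample = map[string][]Variable{
	"group/10":   {{"DB_HOST", "db.group-a.example", "*"}, {"API_URL", "https://api.group-a.example", "*"}},
	"group/20":   {{"DB_HOST", "db.group-b.example", "*"}, {"REGION", "eu", "production"}, {"REGION", "us", "staging"}},
	"project/42": {{"API_URL", "https://api.project.example", "*"}, {"TOKEN_TTL", "3600", "staging"}},
}

// sampleFetch serves the constructed data above instead of calling GitLab.
func sampleFetch(kind, id string) ([]Variable, error) {
	vars, ok := sample[kind+"/"+id]
	if !ok {
		return nil, fmt.Errorf("unknown %s", kind)
	}
	return vars, nil
}

func main() {
	cfg := StoreConfig{ProjectID: "42", GroupIDs: []string{"10", "20"}, Environment: "production"}
	out, err := Resolve(cfg, sampleFetch)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, k := range []string{"API_URL", "DB_HOST", "REGION"} {
		fmt.Printf("%s=%s (from %s)\n", k, out[k].Value, out[k].Source)
	}
}
```
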

@rfelgent

rfelgent commented Nov 6, 2022

@domizei385 thank you for solving all the gitlab provider issues!

Although not an official reviewer for ESO, I took some time to give my 2 cents on your pull request.

@domizei385 domizei385 force-pushed the gitlab-groupvariables branch from bf87978 to 84af8d7 Compare November 14, 2022 12:51
@rfelgent

Does anybody from the committers have time to do the review?

@moolen
Member

moolen commented Nov 15, 2022

Hey @rfelgent i'll try to take a look at it later

Member

@moolen moolen left a comment

Hey, i found the time to take a look, commented on the open threads. Let me know what you think 🙇

@domizei385 domizei385 force-pushed the gitlab-groupvariables branch from 9d0e77f to 804fa80 Compare November 16, 2022 17:41
Member

@moolen moolen left a comment

Hey, i took some time to do some actual end to end testing this time.

@domizei385 domizei385 force-pushed the gitlab-groupvariables branch from 804fa80 to 8be430a Compare November 19, 2022 19:32
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
@domizei385 domizei385 force-pushed the gitlab-groupvariables branch 3 times, most recently from 36f9a51 to ea170e3 Compare November 19, 2022 21:17
@domizei385
Contributor Author

@moolen Thanks for your review. I gave it another shot and I hopefully tackled the issues you raised.

Member

@moolen moolen left a comment

Sort by FullPath is a neat trick! 👍
We're getting closer, looks promising! Found nil pointer issues when using multiple items in .spec.data, see comments.

…ject groups)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
@domizei385 domizei385 force-pushed the gitlab-groupvariables branch from ea170e3 to 8ab1c6e Compare November 19, 2022 23:26
Member

@moolen moolen left a comment

✔️ functional testing looks good!
Could you please update the docs to reflect the new feature 🙏?

return nil, err
}

err = g.ResolveGroupIds()
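
Review bot: on the `err = g.ResolveGroupIds()` line the method name spells the initialism as `Ids`; Go naming convention keeps initialisms in a single case, so `ResolveGroupIDs` would be consistent with the `groupIDs` field used elsewhere in this change. Since the call's only visible result is `err`, a short doc comment on the method stating which field of the receiver it populates would also help.
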
Member

nit: could you please return the group ids here so it is immediately clear what the function does instead of changing the state of *Gitlab?

gids, err := g.ResolveGroupIds()

That func returns (1) the hard-coded groupIDs from the store if inheritFromGroups=false or (2) the resolved groupIDs if inheritFromGroups=true. That may be easier to reason about and it's not needed to store too many fields on the Gitlab struct (just the store).

Contributor Author

@domizei385 domizei385 Nov 20, 2022

Thanks.

The problem is that we don't have the store available for the GetSecret, GetAllSecrets calls, so I am not sure how to save much. I could use a marker instance for groupIDs in case inheritance is enabled so it does not need to be propagated into the store.
As for the reasoning, I don't think this looks much better especially since the called function returns g.groupIDs:
gids, err := g.ResolveGroupIds()
...
g.groupIDs = gids

Member

it's just a minor thing i would've done differently, but i'm happy to merge it in as it is if you prefer that, i don't wanna be picky :)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 2 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

@moolen
Member

moolen commented Nov 21, 2022

Thanks a lot @domizei385 for your contribution! ❤️

@moolen moolen merged commit f38f40a into external-secrets:main Nov 21, 2022
@domizei385 domizei385 deleted the gitlab-groupvariables branch November 22, 2022 18:59
@rfelgent

Thank you @moolen and @domizei385

Great work !

@domizei385
Contributor Author

Resolved: #1510

coolguy1771 referenced this pull request in coolguy1771/home-ops Dec 11, 2022
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [external-secrets](https://togithub.com/external-secrets/external-secrets) | minor | `0.6.1` -> `0.7.0` |

---

### Release Notes

<details>
<summary>external-secrets/external-secrets</summary>

### [`v0.7.0`](https://togithub.com/external-secrets/external-secrets/releases/tag/v0.7.0)

[Compare Source](https://togithub.com/external-secrets/external-secrets/compare/v0.6.1...v0.7.0)

Image: `ghcr.io/external-secrets/external-secrets:v0.7.0`
Image: `ghcr.io/external-secrets/external-secrets:v0.7.0-ubi`
Image: `ghcr.io/external-secrets/external-secrets:v0.7.0-ubi-boringssl`

#### Changes

- ✨ PushSecret feature ([https://github.com/external-secrets/external-secrets/pull/1315](https://togithub.com/external-secrets/external-secrets/pull/1315))
- ✨ Secret Generators feature ([https://github.com/external-secrets/external-secrets/pull/1539](https://togithub.com/external-secrets/external-secrets/pull/1539))
- ✨ gitlab: getAllSecrets ([https://github.com/external-secrets/external-secrets/pull/1681](https://togithub.com/external-secrets/external-secrets/pull/1681))
- ✨ gitlab: support for CI/CD group variables ([https://github.com/external-secrets/external-secrets/pull/1692](https://togithub.com/external-secrets/external-secrets/pull/1692))
- ✨ release manifests added to each release ([https://github.com/external-secrets/external-secrets/pull/1728](https://togithub.com/external-secrets/external-secrets/pull/1728))
- ✨ FIPS compliant build using boringcrypto ([https://github.com/external-secrets/external-secrets/pull/1731](https://togithub.com/external-secrets/external-secrets/pull/1731))
- ✨ gitlab: support environment_scope tag for findAll ([https://github.com/external-secrets/external-secrets/pull/1732](https://togithub.com/external-secrets/external-secrets/pull/1732))
- ✨ Add secret metadata templating from secret values ([https://github.com/external-secrets/external-secrets/pull/1740](https://togithub.com/external-secrets/external-secrets/pull/1740))
- ✨ Allow chart to configure metrics-addr flag based on metric port values ([#1764](https://togithub.com/external-secrets/external-secrets/issues/1764))
- 🐛 Fixing release pipeline for boringssl ([#1763](https://togithub.com/external-secrets/external-secrets/issues/1763))
- 🐛 gitlab: allow fallback to wildcard variable, when no environment specific value is defined ([#1772](https://togithub.com/external-secrets/external-secrets/issues/1772))
- 🐛 fix sync calls metrics & defer patch status ([#1770](https://togithub.com/external-secrets/external-secrets/issues/1770))
- 📚 chore: improve naming in examples, regenerate api doc spec ([#1746](https://togithub.com/external-secrets/external-secrets/issues/1746))
- 📚 Update getallsecrets.md ([#1774](https://togithub.com/external-secrets/external-secrets/issues/1774))
- 📚 fix: SecretStore link ([#1773](https://togithub.com/external-secrets/external-secrets/issues/1773))
- 📚 feat: improve docs ([#1749](https://togithub.com/external-secrets/external-secrets/issues/1749))
- 📚 fix: broken links in reference doc ([#1778](https://togithub.com/external-secrets/external-secrets/issues/1778))
- 📚 Added KCD UK 2022 talk ([#1795](https://togithub.com/external-secrets/external-secrets/issues/1795))
- 🧹 Several version bumps

</details>

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

Co-authored-by: lumiere-bot <98047013+lumiere-bot[bot]@users.noreply.github.com>
sourav977 added a commit to cloudant/external-secrets that referenced this pull request Feb 14, 2023
…ts main branch (#8)


Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 🐛 GCP: prevent goroutine leak on workload identity reconciliation (external-secrets#1902)

Signed-off-by: Hiroshi Muraoka <h.muraoka714@gmail.com>

* aws secretsmanager/parameterstore referent auth (external-secrets#1884)

* feat: implement referentAuth for aws

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: e2e tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update pkg/provider/aws/provider.go

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* Update pkg/provider/aws/provider.go

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* feat: allow each credential to be referent

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>

* ✨ Adds Keyvault PushSecret (external-secrets#1883)

* Adds Keyvault PushSecret

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Added my new blog post (external-secrets#1909)

I've added my new blog post about Push Secret feature.

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>

* ✨ implement azure referent auth (external-secrets#1886)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 🧹 chore: bumps (external-secrets#1913)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🧹 chore: bumps (external-secrets#1923)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🧹 chore: bumps (external-secrets#1925)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* 🧹 bump: 0.7.2 (external-secrets#1926)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Update README.md (external-secrets#1930)

Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>

Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>

* Set GOOS and GOARCH from TARGETPLATFORM (external-secrets#1915)

Removed hardcoded, single platform values for GOOS and GOARCH.
Set GOOS and GOARCH from TARGETPLATFORM to build multi-platform images.
Ref: https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
Ref: https://docs.docker.com/build/building/multi-platform/
Build a multi-platform image `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .`

Signed-off-by: a27kash <a27kash@gmail.com>

Signed-off-by: a27kash <a27kash@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>

* 🐛 fixing image rebuild pipeline (external-secrets#1934)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Update aws-parameter-store.md (external-secrets#1931)

Signed-off-by: Denis Policastro <denis.policastro@gmail.com>

Signed-off-by: Denis Policastro <denis.policastro@gmail.com>

* ✨ Feature/deletion policies (external-secrets#1914)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* feat: make cache generic, refactor feature flags (external-secrets#1640)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 📚 use more inclusive language (external-secrets#1927)

Signed-off-by: Gareth Evans <gareth@bryncynfelin.co.uk>

* ✨ Support template for webhook jsonpath (external-secrets#1939)

* Support template for webhook jsonpath

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Add jsonpath filter support to webhook (external-secrets#1940)

* Add jsonpath filter support to webhook

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix tests

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix wrong IAM permissions in docs for the AWS Parameter Store (external-secrets#1949)

Signed-off-by: Tobias Germer <tobias.germer@tui.com>

* 🐛 no need to use cgo (external-secrets#1935)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 🐛 Fixing PushSecret CRD generation (external-secrets#1967)

* Fixing PushSecret CRD generation

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fix: increase hashicorp vault cache size to prevent eviction

Also remove tiny cache size from e2e tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: bump packages (external-secrets#1976)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update full-cluster-secret-store.yaml (external-secrets#1953)

Add Oracle provider

Signed-off-by: Evert Ramos <evert.ramos@gmail.com>

* 🐛 remove ability to call env and expandenv in webhook (external-secrets#1977)

This allows an attacker to exfiltrate environment variables.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* ✨ enhance ServiceMonitor configuration (external-secrets#1973)

* Fix external-secrets#1971

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>

* PR feedback

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>

* fix: generate helm docs

---------

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>

* ✨ add ability to configure `revisionHistoryLimit` in helm chart (external-secrets#1979)

* feat: add ability to configure `revisionHistoryLimit` for all Deployment resources of the helm chart

This enables turning ReplicaSet revisions off completely, e.g. when deploying ExternalSecrets with a GitOps approach.

Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>

* fix: generate helm docs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>

* ✨ add-keeper-security-provider (external-secrets#1768)

* add keepersecurity provider

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* 🧹chore: bumps (external-secrets#1758)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* ✨Feature/push secret (external-secrets#1315)

Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* Fixing release pipeline for boringssl (external-secrets#1763)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* chore: bump 0.7.0-rc1 (external-secrets#1765)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added documentation

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added pushSecret first iteration

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added pushSecret and updated documentation

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* refactor client

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* update code and unit tests

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix code smells

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix code smells

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix custom fields

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* making it reviewable

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix custom field on secret map

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* Update docs/snippets/keepersecurity-push-secret.yaml

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fixed edge case, improved validation errors and updated docs

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix logic retrieving secrets

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* Update pkg/provider/keepersecurity/client.go

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* lint code

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* linting code

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* go linter fixed

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix crds and documentation

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

---------

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>

* 🐛 fix panic when using jwt without secretRef/saRef (external-secrets#1980)

Fixes external-secrets#1957

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* 🧹 bump dependencies & regenerate CRDs (external-secrets#1990)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Fixed broken link (external-secrets#1992)

* fix: fix validation method in kubernetes provider (external-secrets#2000)

RBAC allows a user to define a wildcard `*` for a given field in the
Resource Rule. Prefix/Suffix matching or globbing is not supported,
just simple wildcards.
For example the cluster-admin role has a `*` on all
apiVersion/resource/verbs and hence validation would fail.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Byungjin Park (Claud) <posquit0.bj@gmail.com>
Signed-off-by: Gustavo <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Jeet <jeetdesai2342@gmail.com>
Signed-off-by: Seonggwon Yoon <keyakoto@gmail.com>
Signed-off-by: Christian Hüning <christian.huening@finleap.com>
Signed-off-by: Steven Bressey <steven.bressey@artifakt.io>
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pascal Bro <git@pascalbrokmeier.de>
Signed-off-by: czomo <tomaszjdul@gmail.com>
Signed-off-by: Djerfy <djerfy@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Signed-off-by: Jiacheng Cheng <jiacheng.cheng@sap.com>
Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>
Signed-off-by: Steven Bressey <sbressey@bressey.me>
Signed-off-by: RiccardoColella <colella.git@outlook.com>
Signed-off-by: Jakob Kolb <jakob.j.kolb@gmail.com>
Signed-off-by: fossabot <badges@fossa.com>
Signed-off-by: dubs11kt <dubs11kt@gmail.com>
Signed-off-by: Moritz Johner <Moritz.Johner@form3.tech>
Signed-off-by: cspargo <colinspargo@gmail.com>
Signed-off-by: cDR (Taco) <me@codar.nl>
Signed-off-by: Ahsan Gondal <ahsangondal15@gmail.com>
Signed-off-by: Hiroshi Muraoka <h.muraoka714@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>
Signed-off-by: a27kash <a27kash@gmail.com>
Signed-off-by: Denis Policastro <denis.policastro@gmail.com>
Signed-off-by: Gareth Evans <gareth@bryncynfelin.co.uk>
Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>
Signed-off-by: Tobias Germer <tobias.germer@tui.com>
Signed-off-by: Evert Ramos <evert.ramos@gmail.com>
Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>
Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Byungjin Park (Claud) <posquit0.bj@gmail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Sebastián Gómez <1637983+sebagomez@users.noreply.github.com>
Co-authored-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Co-authored-by: Idan Adar <iadar@il.ibm.com>
Co-authored-by: Jeet <jeetdesai2342@gmail.com>
Co-authored-by: Seonggwon Yoon <keyakoto@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Christian Hüning <christianhuening@users.noreply.github.com>
Co-authored-by: Steven Bressey <80676978+stevenbressey@users.noreply.github.com>
Co-authored-by: Pascal Bro <git@pascalbrokmeier.de>
Co-authored-by: Tomasz <35335044+czomo@users.noreply.github.com>
Co-authored-by: DJΞRFY <djerfy@gmail.com>
Co-authored-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Co-authored-by: cjc7373 <niuchangcun@gmail.com>
Co-authored-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>
Co-authored-by: Steven Bressey <sbressey@bressey.me>
Co-authored-by: Riccardo Colella <colella.git@outlook.com>
Co-authored-by: Jakob Kolb <jakob.j.kolb@gmail.com>
Co-authored-by: fossabot <badges@fossa.io>
Co-authored-by: oddy <56793934+dubs11kt@users.noreply.github.com>
Co-authored-by: Moritz Johner <100202497+moritzjohner-form3@users.noreply.github.com>
Co-authored-by: Florent Baldino <Baldinof@users.noreply.github.com>
Co-authored-by: cspargo <4132393+cspargo@users.noreply.github.com>
Co-authored-by: cDR (Taco) <me@codar.nl>
Co-authored-by: Ahsan Gondal <ahsangondal15@gmail.com>
Co-authored-by: Hiroshi Muraoka <hiroshi.muraoka@outlook.com>
Co-authored-by: Lucas Severo Alves <lucassalves65@gmail.com>
Co-authored-by: a27kash <a27kash@gmail.com>
Co-authored-by: Denis Policastro <denis.policastro@gmail.com>
Co-authored-by: Gareth Evans <garethjevans@users.noreply.github.com>
Co-authored-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>
Co-authored-by: Tobias Germer <bvrcreepyx@hotmail.de>
Co-authored-by: Evert Ramos <evert.ramos@gmail.com>
Co-authored-by: Mikhail Advani <mikhail.advani@gmail.com>
Co-authored-by: Marcel Hoyer <mhoyer@pixelplastic.de>